ARDvark parses Apple Remote Desktop (ARD) files to pull out application usage, user activity, and filesystem listings.
☆36 · Jun 1, 2023 · Updated 2 years ago
Alternatives and similar repositories for ARDvark
Users that are interested in ARDvark are comparing it to the libraries listed below
- Registry to JSON. This Project is for learning purposes and is not maintained. ☆12 · Dec 28, 2021 · Updated 4 years ago
- Parsers for common structures across windows formats. ☆12 · Aug 23, 2023 · Updated 2 years ago
- Queries for parsed spotlight database in sqlite ☆13 · Dec 29, 2020 · Updated 5 years ago
- Synopsis is a tool to aid analysts reviewing browser history files by providing a high-level “synopsis” of key information. ☆23 · Oct 31, 2018 · Updated 7 years ago
- Hundred Days of Yara Challenge ☆12 · Jun 21, 2022 · Updated 3 years ago
- Simple CLI utility to save off an image from every webcam hooked into a mac ☆14 · May 20, 2021 · Updated 4 years ago
- lnk_parser is a full rust implementation to parse windows LNK files ☆23 · Feb 17, 2026 · Updated last month
- USN to JSON ☆22 · Apr 4, 2020 · Updated 5 years ago
- ☆11 · Jun 30, 2016 · Updated 9 years ago
- Tools for macOS Forensic Bootable media ☆16 · May 20, 2020 · Updated 5 years ago
- ☆110 · May 14, 2018 · Updated 7 years ago
- A DFVFS Backed Forensic Viewer ☆42 · Apr 13, 2020 · Updated 5 years ago
- NTFS file system specimens ☆13 · Jul 3, 2023 · Updated 2 years ago
- A document tagging library ☆33 · Mar 27, 2025 · Updated 11 months ago
- ☆24 · Aug 30, 2019 · Updated 6 years ago
- Get a list of installed software in a safe manner ☆11 · Aug 7, 2017 · Updated 8 years ago
- JXA script based on research by Jeff Johnson on leveraging TextEdit to remove quarantine attributes on files. Jeff's original research is… ☆17 · Jan 31, 2021 · Updated 5 years ago
- Collection of Nmap scripts ☆10 · Nov 27, 2015 · Updated 10 years ago
- Windows eventlog formatting, live fetching and querying utility in C ☆20 · May 26, 2020 · Updated 5 years ago
- RisingSun: Decoding SUNBURST C2 to identify infected hosts without network telemetry. ☆10 · Jan 14, 2021 · Updated 5 years ago
- [⛔️ Deprecated] Venator is a python tool used to gather data for proactive detection of malicious activity on macOS devices. ☆177 · Jul 1, 2020 · Updated 5 years ago
- Rhaegal is a tool written in Python 3 used to scan Windows Event Logs for suspicious logs. Rhaegal uses custom rule format to detect sus… ☆43 · Sep 21, 2023 · Updated 2 years ago
- Jamf Pro scripts and API calls for computers, mobile devices, and users — some shell, some Python ☆28 · May 10, 2024 · Updated last year
- extract and parse WEVT_TEMPLATEs from PE files ☆18 · Dec 30, 2023 · Updated 2 years ago
- Help deobfuscate VBScript ☆18 · Jul 1, 2022 · Updated 3 years ago
- WMI SA stuffs ☆30 · Apr 18, 2022 · Updated 3 years ago
- A parser of Windows Defender's DetectionHistory forensic artifact, containing substantial info about quarantined files and executables. ☆117 · Jan 26, 2022 · Updated 4 years ago
- A Canary which fires when uninstalled ☆34 · Mar 16, 2021 · Updated 5 years ago
- Set up a quick and dirty audit log on an SQLite db. ☆16 · May 16, 2013 · Updated 12 years ago
- JSON Power Tool: Retrieve and manipulate JSON data using JSONPath, JSON Pointer, JSON Patch, and JSON Merge Patch. Written in Javascript,… ☆34 · Nov 6, 2023 · Updated 2 years ago
- pwncat windows c2 components ☆22 · Jun 21, 2021 · Updated 4 years ago
- r0ak ("roak") is the Ring 0 Army Knife -- A Command Line Utility To Read/Write/Execute Ring Zero on for Windows 10 Systems ☆11 · Aug 6, 2018 · Updated 7 years ago
- Parses the WMI object database....looking for persistence ☆34 · Dec 12, 2019 · Updated 6 years ago
- The "DFUR" Splunk application and data that was presented at the 2020 SANS DFIR Summit. ☆13 · Sep 9, 2020 · Updated 5 years ago
- ☆12 · Aug 10, 2019 · Updated 6 years ago
- PoC that manipulates Windows file times using SetFileTime() API ☆63 · May 25, 2019 · Updated 6 years ago
- isodump - ISO dump utility ☆41 · Jun 9, 2019 · Updated 6 years ago
- Crowdstrike Falcon Host script for iterating through instances to get alert and other relevant data ☆13 · Jul 16, 2019 · Updated 6 years ago
- Capture all RabbitMQ messages being sent through a broker. ☆32 · Feb 13, 2021 · Updated 5 years ago